A significant data breach has reportedly exposed personal details of over 1 million customers from at least 16 licensed clubs in New South Wales (NSW), including those of key government officials. Cybercrime detectives are actively investigating the situation after an unauthorized website claimed to have leaked the information.
The IT provider, Outabox, has acknowledged a breach in a client-used sign-in system by an “unauthorised” third party. Outabox is coordinating with law enforcement to delve into the specifics of the breach while complying with ongoing legal constraints due to the active police investigation.
Among the compromised data are details of NSW Premier Chris Minns and other high-profile government figures. The breach impacts customers who visited these venues, as per state regulations requiring clubs to collect and securely store patron information.
The affected clubs include:
- Breakers Country Club
- Bulahdelah Bowling Club
- Central Coast Leagues Club
- Mex Club Mayfield
- City of Sydney RSL
- East Cessnock Bowling Club
- Fairfield RSL Club
- Gwandalan Bowling Club
- Halekulani Bowling Club
- Hornsby RSL Club
- Ingleburn RSL Club
- Club Old Bar
- Club Terrigal
- The Tradies Dickson
- Erindale Vikings
- Not just members affected
Officials have stated that the breach stemmed from a third-party vendor and was not a direct hack. ID Support NSW has stepped in to assist those affected and to mitigate potential identity theft risks.
As the investigation continues, ClubsNSW is reaching out to potentially impacted patrons to warn them of the breach and advise caution, particularly regarding phishing scams and suspicious communications.
Such incidents underscore the critical importance of robust incident response strategies and regular penetration testing to identify vulnerabilities before they are exploited.
